that security is often disabled in order to support easier installation.
               Thus, it is common for the IT administrator to have the responsibility

               of turning on and configuring security to match the needs of his or her
               specific environment. Maintaining security is often a trade-off with
               user-friendliness and functionality, as you can see in Figure 20.1.
               Additionally, as you add or increase security, you will also increase
               costs, increase administrative overhead, and reduce
               productivity/throughput.









































               FIGURE 20.1 Security vs. user-friendliness vs. functionality


               Systems Development Lifecycle

               Security is most effective if it is planned and managed throughout the

               lifecycle of a system or application. Administrators employ project
               management to keep a development project on target and moving
               toward the goal of a completed product. Often project management is
               structured using lifecycle models to direct the development process.
               Using formalized lifecycle models helps ensure good coding practices

               and the embedding of security in every stage of product development.